LUCKNOW (CoinChapter.com) — On Aug 9, the Aave’s Earning Farm protocol, a platform catering to Ether, wrapped Bitcoin (wBTC) and USD Coin (USDC) holders, fell victim to a “reentrancy attack,” resulting in the theft of approximately $287,000 worth of Ether.
Blockchain security firm PeckShield brought the issue to light days after Curve Finance, another Defi platform, lost more than $70 million in a similar hacking incident.
The reentrancy attack executed on Aave’s Earning Farm protocol resembles an ATM tricking tactic, wherein hackers trick an ATM into repeatedly dispensing cash without realizing it has depleted the account balance.
In the digital realm, hackers use this method to trick systems into granting them more resources. Subsequently, they gain access beyond what is rightfully permitted. Invoking functions that interact with contracts rapidly execute this manipulation.
It exploits the time lag between function calls, providing unauthorized advantages.
Earning Farm’s Past Challenges and Auditing Efforts
Regrettably, this is not the first instance of Aave’s Earning Farm protocol facing adversity.
In October 2022, the protocol encountered two malicious hacks. These attacks targeted its EFLeverVault using flash loan techniques, leading to the loss of 750 ETH from the platform.
These tactics allow hackers to borrow substantial sums of cryptocurrency within a single transaction, manipulate its value through a sequence of transactions, and subsequently repay the loan in one fell swoop.
Furthermore, The vulnerabilities exploited during these attacks capitalize on temporary imbalances and price inconsistencies, enabling hackers to reap illicit profits.
The Earning Farm protocol had previously undergone an audit by the security firm Slowmist. This audit aimed to enhance its robustness against potential threats. However, the recent reentrancy attack has underscored the ever-evolving nature of cybersecurity challenges faced by DeFi platforms.
